示例#1
0
 /**
  * Verify the message signature for this request
  * 
  * @return mixed This returns true if the request verified.  If the request did not verify, 
  * this returns an array with the first element as an error string, and the second element
  * as the base string of the request.
  */
 public static function verifyKeyAndSecret($key, $secret, $http_url = NULL)
 {
     global $LastOAuthBodyBaseString;
     if (!($key && $secret)) {
         return array("Missing key or secret", "");
     }
     $store = new TrivialOAuthDataStore();
     $store->add_consumer($key, $secret);
     $server = new OAuthServer($store);
     $method = new OAuthSignatureMethod_HMAC_SHA1();
     $server->add_signature_method($method);
     $method = new OAuthSignatureMethod_HMAC_SHA256();
     $server->add_signature_method($method);
     $http_method = NULL;
     // Leave as default
     /*
             $http_url = NULL; // Default
             if ( $base_url !== NULL ) {
                 $pieces = parse_url($base_url);
     
                 if ( isset($pieces['scheme']) ) {
                     $scheme = $pieces['scheme'];
                 } else {
                     $scheme = (!isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] != "on")
                         ? 'http' : 'https';
                 }
     
                 if ( isset($pieces['port']) ) {
                     $port = ':'.$pieces['port'];
                 } else {
                     $port = '';
                     if ( $_SERVER['SERVER_PORT'] != "80" && $_SERVER['SERVER_PORT'] != "443" &&
                         strpos(':', $_SERVER['HTTP_HOST']) < 0 ) {
                         $port =  ':' . $_SERVER['SERVER_PORT'] ;
                     }
                 }
                 $host = isset($pieces['host']) ? $pieces['host'] : $_SERVER['HTTP_HOST'];
     
                 $http_url = $scheme .  '://' . $host .  $port .
                                   $_SERVER['REQUEST_URI'];
             }
     */
     $request = OAuthRequest::from_request($http_method, $http_url);
     $LastOAuthBodyBaseString = $request->get_signature_base_string();
     try {
         $server->verify_request($request);
         return true;
     } catch (\Exception $e) {
         return array($e->getMessage(), $LastOAuthBodyBaseString);
     }
 }
示例#2
0
文件: LTI.php 项目: ixtel/tsugi
 /**
  * Verify the message signature for this request
  * 
  * @return mixed This returns true if the request verified.  If the request did not verify, 
  * this returns an array with the first element as an error string, and the second element
  * as the base string of the request.
  */
 public static function verifyKeyAndSecret($key, $secret)
 {
     global $LastOAuthBodyBaseString;
     if (!($key && $secret)) {
         return array("Missing key or secret", "");
     }
     $store = new TrivialOAuthDataStore();
     $store->add_consumer($key, $secret);
     $server = new OAuthServer($store);
     $method = new OAuthSignatureMethod_HMAC_SHA1();
     $server->add_signature_method($method);
     $request = OAuthRequest::from_request();
     $LastOAuthBodyBaseString = $request->get_signature_base_string();
     try {
         $server->verify_request($request);
         return true;
     } catch (\Exception $e) {
         return array($e->getMessage(), $LastOAuthBodyBaseString);
     }
 }